TunnelBear Encryption

This post is out of date! To read about TunnelBear’s current encryption, check out this updated blog post.

———————

We get plenty of questions about the encryption TunnelBear uses to protect your privacy. This blog post will provide a brief overview of what we use to create our tunnels.

Encryption is a complicated topic and it’s often not as simple as comparing bitrates and selecting the highest number. If you aren’t familiar with encryption at all, it’s not a bad idea to have a quick read of Wikipedia’s encryption wiki.

A Virtual Private Network (VPN) like TunnelBear is comprised of a protocol and multiple types of encryption: data encryption, data authentication and handshake encryption.

Protocols and devices

TunnelBear uses two different VPN protocols on our network. If you’re using PC, Mac or Android, you’ll be using OpenVPN. OpenVPN is an industry standard, open source protocol. If you’re using an iOS device you’ll be using IPSec, which works best on iOS devices.

Data authentication

Any information that is sent or received from your computer must be authenticated before it can be decrypted. Data authentication is used to ensure you are who you are and prevent things like a “Man in the Middle Attack”.

Handshake encryption

An encryption handshake prevents you from unwittingly connecting to an attacker who is impersonating a TunnelBear server.

These protocols and encryption were selected after extensive research and real-world performance testing. So when TunnelBear is “On” you should feel safe and snug knowing you’re in a (strongly encrypted) bear hug.